In existing single sign-on (SSO) applications, which are intended to provide a more convenient user experience, users may be automatically logged into a selected web site without checking the authenticity of the site. Thus, when a user attempts to access personal finance and similar sites where confidentiality is important, user credentials in the form of username and password might inadvertently be tendered by an SSO application to a false site masquerading as the real site. This can happen, for example, when an SSO application operates to log into a site based on the domain or uniform resource locator (URL) address of the site, and the user credentials are captured by a false site that substitutes its own address for the real one. This result can lead to decreased consumer satisfaction, as well as decreased network security.